--
The version 2.0 is technically an API and ABI break due to the removal
of long deprecated functions. Most user's won't notice this except
for the changed SO number.
* src/trust-item.c: Remove file.
* src/trustlist.c: Remove file.
* src/Makefile.am (main_sources): Remove those files.
* src/gpgme.h.in (GPGME_EVENT_NEXT_TRUSTITEM): Remove.
(gpgme_trust_item_t, GpgmeTrustItem): Remove.
(gpgme_op_trustlist_start): Remove.
(gpgme_op_trustlist_next): Remove.
(gpgme_op_trustlist_end): Remove.
(gpgme_trust_item_ref): Remove.
(gpgme_trust_item_unref, gpgme_trust_item_release): Remove.
* src/gpgme.def: Remove removed functions.
* src/libgpgme.vers: Ditto.
--
The GPGME_ATTR_foo based functions are deprecated since 2003 and it is
time to remove them now.
The trustlist functions never worked:
This never worked in reality because the required feature has been
removed from GnuPG version 1.3.2 soon after introduction of this
feature in gpgme in 2003. It was anyway marked as experimental.
They even returned GPG_ERR_NOT_IMPLEMENTED since gpgme 1.14.0 (summer
2000) instead of failing with a incomprehensible error code.
GnuPG-bug-id: 4834
* README: Update.
* configure.ac: Remove checks, variables and file generations related to
the Python bindings. Remove python from available_languages and
default_languages.
* lang/Makefile.am (DIST_SUBDIRS): Remove python.
* lang/python: Remove.
* m4/ax_pkg_swig.m4, m4/ax_python_devel.m4, m4/python.m4: Remove.
--
The Python bindings have been moved to a separate Git repository:
gpgmepy.
GnuPG-bug-id: 7262
* README: Update.
* configure.ac: Remove checks, variables and file generations related to
the C++/Qt bindings. Remove cpp and qt* from available_languages and
default_languages.
* lang/Makefile.am (DIST_SUBDIRS): Remove cpp and qt.
* lang/cpp, lang/qt: Remove.
* m4/ax_check_compile_flag.m4, m4/ax_cxx_compile_stdcxx.m4,
m4/ax_gcc_func_attribute.m4, m4/pkg.m4, m4/qt5.m4, m4/qt6.m4: Remove.
--
The C++ and Qt bindings have been moved to separate Git repositories:
gpgmepp and gpgmeqt.
GnuPG-bug-id: 7262
* Makefile.am (gen-ChangeLog): Use test -e instead of test -d to check
for git working trees.
--
In secondary working trees (created with `git worktree add ...`) .git
is a file referencing the original .git directory.
* tests/json/key-with-revokers.asc: Replace with new public key.
* tests/json/t-keylist-revokers.out.json: Update to new public key.
--
The old test key expired on 2027-05-15 which would break the tests after
this date. Replace it with a new test key which doesn't expire. The new
key was generated with
gpg --faked-system-time 1715782979 \
--add-desig-revoker sensitive:A0FF4590BB6122EDEF6E3C542D727CC768697734 \
--add-desig-revoker 23FD347A419429BACCD5E72D6BC4778054ACD246 \
--quick-gen-key key-with-revokers@example.net default default never
and exported with
gpg --export --armor --export-options export-sensitive-revkeys \
key-with-revokers@example.net
GnuPG-bug-id: 7471
* lang/python/Makefile.am (uninstall-local): Get platlib path relative
to data path.
--
For unknown reasons (at least on my system) Python 3.1x's sysconfig
returns a platlib (== directory for site-specific, platform-specific
files) starting with /usr/local although the prefix config variable is
/usr. This broke uninstallation because a wrong folder was (tried to)
remove. Python 2.7 and 3.9 return a platlib starting with just /usr. In
order to always get the correct relative path we use the data path
instead of the prefix config variable as anchor directory.
--
Although the GPGME_PK_KYBER is technically an API change we ignore it
because this is just another enum value which does not change the ABI
and no software uses it yet. Kleopatra is the first to use this and
it already has a test for gpgme 1.24.1.
GnuPG-bug-id: 7440
* configure.ac (HAVE_GETTID,HAVE_SYS_GETTID): New test.
* src/debug.c: Include syscall.h if needed.
(tid_log_callback) [HAVE_SYS_GETTID]: Use SYS_gettid
--
Linux introduced the gettid syscall with 2.4.11 but glibc only with
its version 2.30. This patch allows building on older platforms.
Co-authored-by: lgh1
* autogen.sh: Update to version 2024-07-04 from libgpg-error.
* configure.ac (BUILD_COMMITID): New. Append to VERSION file.
* src/version.c (cright_blurb): Use BUILD_COMMITID here.
* src/conversion.c (spacep): New.
(_gpgme_strtokenize): New.
--
Function taken from GnuPG and license changed to LGPL 2.1. The
version in GnuPG was entirely written by the author.
* lang/cpp/src/gpgaddexistingsubkeyeditinteractor.h,
lang/cpp/src/gpgrevokekeyeditinteractor.h: Include <string>.
* lang/cpp/src/key.h: Include <ctime> instead of <sys/time.h>.
--
src/encrypt-sign.c (encrypt_sym_status_handler): Add call of
_gpgme_encrypt_status_handler.
(encrypt_sign_start): Call _gpgme_op_encrypt_init_result with
success_required=1 if archive is created. Always call
_gpgme_op_sign_init_result with success_required=0 because the encrypt
status handler already checks for SUCCESS.
src/encrypt.c (op_data_t): Add success_seen flag.
(_gpgme_encrypt_status_handler): Return error if we didn't see a
required SUCCESS on GPGME_STATUS_EOF. Set success_seen flag on
GPGME_STATUS_SUCCESS.
(encrypt_sym_status_handler): Add call of _gpgme_encrypt_status_handler.
(_gpgme_op_encrypt_init_result): Add argument success_required. Set
success_seen flag if SUCCESS is not required.
(encrypt_start): Call _gpgme_op_encrypt_init_result with
success_required=1 if archive is created.
src/ops.h (_gpgme_op_sign_init_result, _gpgme_op_encrypt_init_result):
Add argument success_required to prototypes.
src/sign.c (op_data_t): Add success_seen flag.
(_gpgme_sign_status_handler): Return error if we didn't see a
required SUCCESS on GPGME_STATUS_EOF. Set success_seen flag on
GPGME_STATUS_SUCCESS.
(sign_init_result): Add argument success_required. Set success_seen
flag if SUCCESS is not required.
(_gpgme_op_sign_init_result): Add argument success_required and
forward it to sign_init_result.
(sign_start): Call sign_init_result with success_required=1 if archive
is created.
--
gpgtar emits a SUCCESS status just before successful termination. If the
process terminates unexpectedly (e.g. because it's killed) then gpgme
now reports GPG_ERR_EOF. The SUCCESS status is only required if a
signed and/or encrypted archive is created which is only supported for
OpenPGP. The other engines reject the GPGME_ENCRYPT_ARCHIVE flag so that
we don't need to check the protocol in the generic code.
This change also adds handling of invalid recipients in case symmetric
encryption is used which makes sense because one can combine symmetric
and public key encryption.
GnuPG-bug-id: 6554
* configure.ac: Look for yat2m first in $prefix/bin and then in $PATH.
--
This makes sure that yat2m is found in case libgpg-error and gpgme are
installed in the same prefix.
* configure.ac: Add hint for YAT2M variable. Set HAVE_YAT2M if yat2m was
found.
* doc/Makefile.am (myman_pages): Set to empty string if yat2m isn't
available
--
* doc/gpgme-json.texi: New.
* configure.ac: Check for yat2m.
* doc/Makefile.am (YAT2M_OPTIONS): New. Also add all the other man
page stuff similar to what is used in gnupg.
--
ChangeLog entries by wk.
* src/gpgme.h.in (GPGME_ENCRYPT_ADD_RECP, GPGME_ENCRYPT_CHG_RECP):
New flag values.
* src/engine-gpg.c (have_cmd_modify_recipients): New.
(gpg_encrypt): Check availability of the feature and prepare command.
* tests/run-encrypt.c (main): New options --add-recipients
and --change-recipients.
--
GnuPG-bug-id: 1825
* src/key.c (_gpgme_key_append_name): Support email-only user IDs with
upper case letters.
* tests/gpg/t-keylist.c (struct key_info_s): Add algo, length, sec_algo,
sec_length.
(keys): Add expected algo and length for primary and secondary subkeys.
(main): Factor out code for checking a key and the code for the keylist
test. Call the factored out test function and a new test function.
(check_key, test_keylist, key_with_email_only_user_id,
key_info_email_only_user_id,
test_email_only_user_id_with_upper_case_letters): New.
--
Email-only user IDs with upper case letters are now also parsed as a
user ID with empty name and the complete user ID as email.
GnuPG-bug-id: 7280
* lang/python/setup.py.in (BuildExtFirstHack.run): Extend members of the
extension instead of lists that were passed to the extension.
--
setuptools 72.2.0 integrated changes in distutils which included
"Support for Pathlike objects in data files and extensions". With this
change the extensions now take a copy of the sources list passed to the
constructor instead of keeping a reference to the passed list. Hence,
modifying the sources list that was passed to the extension didn't
change the sources list of the extension anymore. This is fixed by
modifying the sources list of the extension directly. For consistency
we do the same for the swig_opts list.
GnuPG-bug-id: 7281
* configure.ac: Add substitutions GPGMEPP_PKGCONFIG_LIBS,
GPGMEPP_PKGCONFIG_CFLAGS, GPGMEPP_PKGCONFIG_HOST. Apply them. Configure
gpgmepp.pc file.
* lang/cpp/src/Makefile.am (pkgconfigdir, pkgconfig_DATA): New.
(EXTRA_DIST): Add gpgmepp.pc.in.
* lang/cpp/src/gpgmepp.pc.in: New.
--
This pkgconfig file will be used, at least temporarily, by qgpgme
to find gpgmepp, but it's also useful in general for projects that
don't use cmake.
GnuPG-bug-id: 7262
* lang/cpp/src/editinteractor.cpp (edit_interactor_callback_impl):
Send empty string to edit interface if General Error occurred.
--
A General Error is usually returned by the nextState function of the
concrete EditInteractor subclasses if gpg asks an unexpected question
which isn't handled by the edit interactor's state machine. In this
case, it's usually safe to go with the default answer. This makes the
edit interactors much more robust.
GnuPG-bug-id: 7274
* lang/qt/src/decryptverifyarchivejob.cpp,
lang/qt/src/decryptverifyarchivejob.h (DecryptVerifyArchiveJob): Add
member functions setProcessAllSignatures, processAllSignatures.
* lang/qt/src/decryptverifyarchivejob_p.h
(DecryptVerifyArchiveJobPrivate): Add member m_processAllSignatures.
* lang/qt/src/decryptverifyjob.cpp, lang/qt/src/decryptverifyjob.h
(DecryptVerifyJob): Add member functions setProcessAllSignatures,
processAllSignatures.
* lang/qt/src/decryptverifyjob_p.h (DecryptVerifyJobPrivate): Add member
m_processAllSignatures.
* lang/qt/src/qgpgmedecryptverifyarchivejob.cpp
(decrypt_verify_from_file_name): Add argument "processAllSignatures".
Set context flag "proc-all-sigs" if requested.
(QGpgMEDecryptVerifyArchiveJob::start): Set context flag "proc-all-sigs"
if requested.
(QGpgMEDecryptVerifyArchiveJobPrivate::startIt): Pass
m_processAllSignatures to decrypt_verify_from_file_name.
* lang/qt/src/qgpgmedecryptverifyjob.cpp
(decrypt_verify_from_filename): Add argument "processAllSignatures".
Set context flag "proc-all-sigs" if requested.
(QGpgMEDecryptVerifyJob::start, QGpgMEDecryptVerifyJob::exec): Set
context flag "proc-all-sigs" if requested.
(QGpgMEDecryptVerifyJobPrivate::startIt): Pass
m_processAllSignatures to decrypt_verify_from_filename.
* lang/qt/src/qgpgmeverifydetachedjob.cpp (verify_from_filename): Add
argument "processAllSignatures". Set context flag "proc-all-sigs" if
requested.
(QGpgMEVerifyDetachedJob::start, QGpgMEVerifyDetachedJob::exec): Set
context flag "proc-all-sigs" if requested.
(QGpgMEVerifyDetachedJobPrivate::startIt): Pass
m_processAllSignatures to decrypt_verify_from_filename.
* lang/qt/src/qgpgmeverifyopaquejob.cpp (verify_from_filename): Add
argument "processAllSignatures". Set context flag "proc-all-sigs" if
requested.
(QGpgMEVerifyOpaqueJob::start, QGpgMEVerifyOpaqueJob::exec): Set
context flag "proc-all-sigs" if requested.
(QGpgMEVerifyOpaqueJobPrivate::startIt): Pass
m_processAllSignatures to decrypt_verify_from_filename.
* lang/qt/src/verifydetachedjob.cpp, lang/qt/src/verifydetachedjob.h
(VerifyDetachedJob): Add member functions setProcessAllSignatures,
processAllSignatures.
* lang/qt/src/verifydetachedjob_p.h (VerifyDetachedJobPrivate): Add
member m_processAllSignatures.
* lang/qt/src/verifyopaquejob.cpp, lang/qt/src/verifyopaquejob.h
(VerifyOpaqueJob): Add member functions setProcessAllSignatures,
processAllSignatures.
* lang/qt/src/verifyopaquejob_p.h (VerifyOpaqueJobPrivate): Add
member m_processAllSignatures.
* lang/qt/tests/run-decryptverifyarchivejob.cpp,
lang/qt/tests/run-decryptverifyjob.cpp,
lang/qt/tests/run-verifydetachedjob.cpp,
lang/qt/tests/run-verifyopaquejob.cpp (struct CommandLineOptions): Add
member processAllSignatures.
(parseCommandLine): Add command line option --process-all-signatures.
(main): Pass new option to the job.
--
The new option processAllSignatures is added to all jobs that verify
data signatures. By enabling this option, one can tell gpg not to stop
checking signatures after the first bad signature.
GnuPG-bug-id: 6870
* lang/qt/tests/Makefile.am (clean-keyring): New target.
--
Many tests operate on the keyring in the build directory. If a test
fails then the keyring might be in an unclean state causing subsequent
tests to fail. The new make target allows cleaning the keyring without
resorting to brute force with "make clean".
* lang/qt/src/qgpgmechangeownertrustjob.cpp (set_owner_trust): New.
(QGpgMEChangeOwnerTrustJob::start): Use set_owner_trust if gpg is new
enough.
* lang/qt/tests/t-ownertrust.cpp
(ChangeOwnerTrustTest::testChangeOwnerTrust): Log unexpected error.
--
Using the --quick-set-ownertrust command to set the owner trust is much
more robust than using the edit interface. Prefer the former if gpg
supports it.
GnuPG-bug-id: 7239
